Germany's Federal Office for Information Security (BSI) and Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, or BfV) have jointly released an advisory warning about a malicious cyber campaign that involves phishing attacks using the Signal messaging app and is likely being carried out by a state-sponsored threat actor. According to the agencies, "the focus is on high-ranking targets in politics, the military, and diplomacy, as well as investigative journalists in Germany and Europe." "Unauthorized access to messenger accounts has the potential to compromise entire networks in addition to providing access to private and sensitive communications."

One notable feature of the campaign is that it neither exploits any security flaws in the privacy-focused messaging platform nor distributes malware.

Instead, the ultimate objective is to use the platform's legitimate features as a weapon to gain secret access to a victim's contact lists and chat history. The attack chain is as follows: the threat actors pose as "Signal Support" or a support chatbot called "Signal Security ChatBot" to approach potential targets directly and demand that they provide a PIN or verification code that they received through SMS, warning that they otherwise risk losing their data.

The development coincides with the Norwegian government accusing Chinese-backed hacking groups, such as Salt Typhoon, of breaking into multiple organizations in the country by taking advantage of weak network devices.

The government also criticized Russia for closely monitoring military targets and allied activities and Iran for monitoring dissidents.

China is "systematically" abusing joint research and development initiatives to bolster its own security and intelligence capabilities, the agency added. It is important to remember that Chinese law mandates that software flaws found by Chinese researchers be reported to the authorities within two days of their discovery.

In order to gather data about dissidents and their networks, Iranian cyber threat actors breach their private computers, social media profiles, and email accounts, according to PST.

"These actors possess sophisticated capabilities and will persist in refining their strategies to carry out more precise and invasive operations against Norwegian citizens."

The revelation comes after CERT Polska issued an advisory stating that a Russian nation-state hacking group known as Static Tundra is probably responsible for coordinated cyberattacks against over 30 wind and photovoltaic farms, a private manufacturing company, and a sizable combined heat and power plant (CHP) that provides heat to nearly half a million people in the nation.